Техническая информация
Значения в ключах автозапуска реестра (Run / RunOnce):
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'iexplore.exe' = '<SYSTEM32>\iexplore.exe'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'iexplore.exe' = '%APPDATA%\iexplorer\iexplore.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] 'iexplore.exe' = '<SYSTEM32>\iexplore.exe'
Записи в списке разрешённых приложений брандмауэра Windows (StandardProfile\AuthorizedApplications):
- [<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] '<SYSTEM32>\iexplore.exe' = '<SYSTEM32>\iexplore.exe:*:Enabled:iexplore2'
- [<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] '%APPDATA%\iexplorer\iexplore.exe' = '%APPDATA%\iexplorer\iexplore.exe:*:Enabled:iexplore1'
Командные строки процессов:
- '%APPDATA%\iexplorer\iexplore.exe' xd
- '<SYSTEM32>\netsh.exe' firewall add allowedprogram "<SYSTEM32>\iexplore.exe" iexplore2 ENABLE
- '<SYSTEM32>\netsh.exe' firewall add allowedprogram "%APPDATA%\iexplorer\iexplore.exe" iexplore1 ENABLE
Пути к файлам:
- %HOMEPATH%\time.dat
- <SYSTEM32>\iexplore.exe
- %APPDATA%\iexplorer\iexplore.exe
Окно (класс и заголовок):
- ClassName: 'Indicator' WindowName: '(null)'
Примечание: штатный исполняемый файл Internet Explorer находится в каталоге %ProgramFiles%\Internet Explorer; пути <SYSTEM32>\iexplore.exe и %APPDATA%\iexplorer\iexplore.exe не являются его штатным расположением, поэтому при проверке системы стоит сопоставлять не только имя файла, но и полный путь.